While SessionScoped must be associated with the built-in session context required by the specification,
third-party extensions are
allowed to also associate it with their own context. Behavior described below is only related to the built-in session context.

The session scope is active:

during the service() method of any servlet in the web application,

during the doFilter() method of any servlet filter, and

when the container calls any HttpSessionListener, AsyncListener or
ServletRequestListener.

The session context is shared between all servlet requests that occur in the same HTTP session.

The session context is destroyed:

when the HTTPSession times out, after all HttpSessionListeners have been called, or

at the very end of
any request in which invalidate() was called, after all filters and ServletRequestListeners have been
called.

An event with qualifier @Initialized(SessionScoped.class) is fired when the session context is initialized and an
event
with qualifier @Destroyed(SessionScoped.class) when the session context is destroyed. The event payload is
the HttpSession